BSoD C0000135 %hs error

Saliom

New Member
Thread author
May 14, 2014
1
Hi there!

I'm here today to ask for your help with a big problem with my Windows 7 x64 Ultimate edition, installed on one of my laptop's partitions. I scanned my PC with Malwarebytes Anti-Malware and it found some viruses; after the cleaning, it asked to reboot the computer to finish the cleaning. But after the reboot, it went into a boot loop, and when I disable "Disable Automatic Restart on system failure" after pressing F8 after the BIOS screen, it shows me a Blue Screen of Death with this message: "STOP: c0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem".

Since then, I can't access my Windows, and I can't access Safe Mode either (with or without connection). But I can still access the registry editor from the command prompt after selecting "Repair your computer" on the Recovery Console.

I tried some fixes like this one, and this one, but none of them worked for me. Lastly, I tried to run a scan with Farbar Recovery Scan Tool x64 and a search on "services.exe;winsrv.*".

  • Here is my FRST.txt file after the scan:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by SYSTEM on MININT-HALJU0E on 13-05-2014 16:48:42
Running from G:\
Platform: Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [rescue] => C:\ProgramData\rescue.vbe [1890 2014-05-13] ( ())
HKU\Saliom\...\Run: [SmartRAM] => "D:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" /m
HKU\Saliom\...\Run: [AdobeBridge] => [X]
HKU\Saliom\...\Run: [Advanced SystemCare 7] => "D:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\Saliom\...\Run: [Skype] => "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\Saliom\...\Run: [googletalk] => c:\program files (x86)\google\google talk\googletalk.exe [3297280 2007-11-20] (Google)
HKU\Saliom\...\Run: [EPSON Stylus CX4300 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAR.EXE [211456 2007-02-28] (SEIKO EPSON CORPORATION)
HKU\Saliom\...\Run: [uTorrent] => C:\Users\Saliom\AppData\Roaming\uTorrent\uTorrent.exe [1272400 2014-05-09] (BitTorrent Inc.)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Saliom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> (No File)
Startup: C:\Users\Saliom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2013-07-10] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-29] (IObit)
S4 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] ()
S2 system; C:\Windows\System32\system\svchost.exe [12 2014-05-13] ()
S4 AdvancedSystemCareService7; D:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [X]
S4 DsiWMIService; D:\Program Files (x86)\Launch Manager\dsiwmis.exe [X]
S2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S2 MBAMScheduler; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S3 npggsvc; No ImagePath
S2 SkypeUpdate; "D:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S4 wampapache; "D:\wamp\bin\apache\apache2.4.2\bin\httpd.exe" -k runservice [X]
S4 wampmysqld; D:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe wampmysqld [X]

==================== Drivers (Whitelisted) ====================

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-20] (DT Soft Ltd)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-22] (Intel Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-13] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-13 16:41 - 2014-05-13 16:48 - 00000000 ___DC () C:\FRST
2014-05-13 07:28 - 2014-05-13 07:28 - 00921600 ____N () C:\bootex.log
2014-05-13 07:28 - 2014-05-13 07:28 - 00003416 ____N () C:\bootsqm.dat
2014-05-13 03:38 - 2014-05-13 03:58 - 00119512 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-13 03:37 - 2014-05-13 03:37 - 00000793 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-13 03:37 - 2014-04-03 00:51 - 00088280 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-05-13 03:37 - 2014-04-03 00:51 - 00063192 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-05-13 03:37 - 2014-04-03 00:50 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-05-13 03:17 - 2014-05-13 03:17 - 00002774 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-13 03:17 - 2014-05-13 03:17 - 00000700 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-13 02:15 - 2014-05-13 03:30 - 00000512 ____C () C:\PhysicalDisk0_MBR.bin
2014-05-13 02:13 - 2014-05-13 02:13 - 00000786 ____C () C:\Users\Public\Desktop\ZHPFix.lnk
2014-05-13 02:09 - 2014-05-13 03:30 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\ZHP
2014-05-11 04:53 - 2014-05-11 05:15 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\Curse Client
2014-05-11 04:52 - 2014-05-11 04:52 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\Curse
2014-05-11 03:10 - 2014-05-13 03:59 - 00001736 ____C () C:\Windows\setupact.log
2014-05-11 03:10 - 2014-05-11 03:10 - 00000000 ____C () C:\Windows\setuperr.log
2014-05-10 08:48 - 2014-05-10 08:48 - 00000000 ___DC () C:\Users\Saliom\Documents\GitHub
2014-05-10 08:48 - 2014-05-10 08:48 - 00000000 ___DC () C:\Users\Saliom\.ssh
2014-05-10 08:45 - 2014-05-13 04:00 - 00005036 ____C () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Saliom PC
2014-05-10 08:41 - 2014-05-10 09:12 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\GitHub
2014-05-10 08:41 - 2014-05-10 08:48 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\GitHub
2014-05-10 08:27 - 2014-05-10 08:41 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\Deployment
2014-05-10 08:27 - 2014-05-10 08:27 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\Apps\2.0
2014-04-24 03:28 - 2014-06-01 15:53 - 00716931 ____C () C:\users\blood.dat
2014-04-24 03:24 - 2014-04-24 03:24 - 00000029 ____C () C:\Windows\DEBUGSM.INI
2014-04-23 08:48 - 2007-12-06 17:08 - 00108032 ____C (SEIKO EPSON CORPORATION) C:\Windows\System32\E_ILMCAR.DLL
2014-04-23 08:48 - 2007-12-06 17:01 - 00081408 ____C (SEIKO EPSON CORPORATION) C:\Windows\System32\E_IBCBCAR.DLL
2014-04-23 08:48 - 2005-02-02 03:05 - 00008704 ____C (SEIKO EPSON CORP.) C:\Windows\System32\E_GCINST.DLL
2014-04-23 08:18 - 2014-04-23 08:18 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\EPSON
2014-04-23 08:15 - 2014-04-23 08:15 - 00002301 ____C () C:\Users\Public\Desktop\EPSON File Manager.lnk
2014-04-23 08:14 - 2014-04-23 08:14 - 00000000 ___DC () C:\Program Files (x86)\EPSON
2014-04-23 08:05 - 2014-04-23 10:47 - 00000000 ___DC () C:\ProgramData\EPSON
2014-04-23 08:03 - 2014-06-01 15:00 - 00716931 __SHC () C:\config.dat
2014-04-23 08:03 - 2014-05-20 22:21 - 00716931 __SHC () C:\users\Update.dat
2014-04-23 08:03 - 2014-05-13 04:02 - 00001890 ____C () C:\ProgramData\rescue.vbe
2014-04-23 08:03 - 2014-05-13 04:02 - 00000897 ___RC () C:\users\Mariage.lnk
2014-04-23 08:03 - 2014-04-23 08:03 - 00000000 _SHDC () C:\security
2014-04-23 08:03 - 2014-04-23 08:03 - 00000000 _SHDC () C:\Kernel
2014-04-23 08:03 - 2014-04-23 08:03 - 00000000 ___DC () C:\Windows\System32\system
2014-04-21 11:36 - 2014-04-21 11:36 - 00003498 ____C () C:\Windows\System32\Tasks\SmartDefrag3_Schedule
2014-04-21 11:36 - 2014-04-21 11:36 - 00003166 ____C () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-04-21 08:32 - 2014-04-21 08:32 - 00000000 ___DC () C:\Windows\Sun
2014-04-21 04:04 - 2014-04-21 04:04 - 00000000 ___DC () C:\ProgramData\Oracle
2014-04-20 13:41 - 2014-04-20 13:41 - 00001227 ____C () C:\Users\Saliom\Desktop\WebSite Auditor.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001204 ____C () C:\Users\Saliom\Desktop\LinkAssistant.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001185 ____C () C:\Users\Saliom\Desktop\SEO SpyGlass.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001185 ____C () C:\Users\Saliom\Desktop\Rank Tracker.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001162 ____C () C:\Users\Saliom\Desktop\BuzzBundle.lnk

==================== One Month Modified Files and Folders =======

2014-06-01 15:53 - 2014-04-24 03:28 - 00716931 ____C () C:\users\blood.dat
2014-06-01 15:00 - 2014-04-23 08:03 - 00716931 __SHC () C:\config.dat
2014-06-01 14:37 - 2013-10-12 11:53 - 00000132 ____C () C:\Users\Saliom\AppData\Roaming\Préfs Format PNG Adobe CS6
2014-06-01 12:38 - 2013-07-20 12:22 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-05-20 22:21 - 2014-04-23 08:03 - 00716931 __SHC () C:\users\Update.dat
2014-05-13 16:48 - 2014-05-13 16:41 - 00000000 ___DC () C:\FRST
2014-05-13 07:30 - 2009-07-13 20:45 - 00554360 ____C () C:\Windows\System32\FNTCACHE.DAT
2014-05-13 07:28 - 2014-05-13 07:28 - 00921600 ____N () C:\bootex.log
2014-05-13 07:28 - 2014-05-13 07:28 - 00003416 ____N () C:\bootsqm.dat
2014-05-13 04:08 - 2013-07-09 17:56 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\uTorrent
2014-05-13 04:02 - 2014-04-23 08:03 - 00001890 ____C () C:\ProgramData\rescue.vbe
2014-05-13 04:02 - 2014-04-23 08:03 - 00000897 ___RC () C:\users\Mariage.lnk
2014-05-13 04:01 - 2013-07-09 08:35 - 01958676 ____C () C:\Windows\WindowsUpdate.log
2014-05-13 04:00 - 2014-05-10 08:45 - 00005036 ____C () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Saliom PC
2014-05-13 04:00 - 2013-07-15 09:43 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\Dropbox
2014-05-13 04:00 - 2013-07-09 13:37 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\Skype
2014-05-13 03:59 - 2014-05-11 03:10 - 00001736 ____C () C:\Windows\setupact.log
2014-05-13 03:58 - 2014-05-13 03:38 - 00119512 ____C (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-13 03:57 - 2013-07-14 14:48 - 00001064 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 03:56 - 2014-02-21 12:00 - 00189738 ____C () C:\Windows\PFRO.log
2014-05-13 03:56 - 2009-07-13 21:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-05-13 03:55 - 2014-01-05 12:59 - 00000000 RSHDC () C:\Windows\install
2014-05-13 03:55 - 2013-12-20 05:15 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\genienext
2014-05-13 03:45 - 2013-07-09 17:30 - 00001002 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-13 03:37 - 2014-05-13 03:37 - 00000793 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-13 03:37 - 2013-08-15 21:36 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-05-13 03:30 - 2014-05-13 02:15 - 00000512 ____C () C:\PhysicalDisk0_MBR.bin
2014-05-13 03:30 - 2014-05-13 02:09 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\ZHP
2014-05-13 03:28 - 2013-07-14 14:48 - 00001068 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-13 03:17 - 2014-05-13 03:17 - 00002774 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-13 03:17 - 2014-05-13 03:17 - 00000700 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-13 03:12 - 2013-07-10 04:36 - 00000000 ___DC () C:\Windows\System32\Tasks\Games
2014-05-13 02:13 - 2014-05-13 02:13 - 00000786 ____C () C:\Users\Public\Desktop\ZHPFix.lnk
2014-05-13 02:13 - 2013-12-19 13:11 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\PMB Files
2014-05-13 01:54 - 2013-08-21 10:49 - 00000932 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541639210-3011669979-1197978124-1000UA.job
2014-05-13 01:47 - 2013-07-09 17:30 - 00692400 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 01:47 - 2013-07-09 17:30 - 00070832 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 01:47 - 2013-07-09 17:30 - 00003940 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 01:38 - 2013-12-04 02:30 - 00000000 ___DC () C:\ProgramData\ProductData
2014-05-12 18:32 - 2009-07-13 20:45 - 00009904 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 18:32 - 2009-07-13 20:45 - 00009904 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 18:32 - 2009-07-13 19:20 - 00000000 ___DC () C:\Windows\SysWOW64\ar-SA
2014-05-12 18:32 - 2009-07-13 19:20 - 00000000 ___DC () C:\Windows\System32\ar-SA
2014-05-12 18:32 - 2009-07-13 19:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2014-05-12 17:00 - 2013-07-09 17:05 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\Adobe
2014-05-12 14:59 - 2013-07-12 10:28 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\FileZilla
2014-05-12 14:22 - 2013-10-06 12:27 - 00000600 ____C () C:\Users\Saliom\AppData\Local\PUTTY.RND
2014-05-12 13:53 - 2013-10-10 08:16 - 00000000 ___DC () C:\ProgramData\PMB Files
2014-05-12 10:54 - 2013-08-21 10:49 - 00000910 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541639210-3011669979-1197978124-1000Core.job
2014-05-12 04:53 - 2013-07-20 09:50 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\vlc
2014-05-11 05:15 - 2014-05-11 04:53 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\Curse Client
2014-05-11 04:53 - 2013-10-10 08:18 - 00000000 _SHDC () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-11 04:52 - 2014-05-11 04:52 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\Curse
2014-05-11 03:10 - 2014-05-11 03:10 - 00000000 ____C () C:\Windows\setuperr.log
2014-05-10 12:06 - 2013-10-24 10:52 - 00000000 ___DC () C:\ProgramData\Package Cache
2014-05-10 11:43 - 2013-08-21 06:58 - 02205226 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-10 11:43 - 2013-07-14 18:07 - 00474084 ____C () C:\Windows\System32\perfh001.dat
2014-05-10 11:43 - 2013-07-14 18:07 - 00095846 ____C () C:\Windows\System32\perfc001.dat
2014-05-10 11:43 - 2013-07-09 12:17 - 00750680 ____C () C:\Windows\System32\perfh00C.dat
2014-05-10 11:43 - 2013-07-09 12:17 - 00151406 ____C () C:\Windows\System32\perfc00C.dat
2014-05-10 11:43 - 2009-07-13 21:13 - 02205226 ____C () C:\Windows\System32\PerfStringBackup.INI
2014-05-10 09:12 - 2014-05-10 08:41 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\GitHub
2014-05-10 08:48 - 2014-05-10 08:48 - 00000000 ___DC () C:\Users\Saliom\Documents\GitHub
2014-05-10 08:48 - 2014-05-10 08:48 - 00000000 ___DC () C:\Users\Saliom\.ssh
2014-05-10 08:48 - 2014-05-10 08:41 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\GitHub
2014-05-10 08:48 - 2013-07-09 08:32 - 00000000 ___DC () C:\users\Saliom
2014-05-10 08:44 - 2013-10-04 10:25 - 00000000 ___DC () C:\Program Files (x86)\NCWest
2014-05-10 08:41 - 2014-05-10 08:27 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\Deployment
2014-05-10 08:27 - 2014-05-10 08:27 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\Apps\2.0
2014-05-10 07:15 - 2013-07-09 16:18 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-08 09:23 - 2013-07-14 14:48 - 00004064 ____C () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 09:23 - 2013-07-14 14:48 - 00003812 ____C () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-28 10:49 - 2014-02-08 03:35 - 00000000 ___DC () C:\Users\Saliom\AppData\Local\35F6D71F-77AE-4BE2-BB68-D23E7337598D.aplzod
2014-04-27 05:56 - 2013-09-01 09:03 - 00000000 ___DC () C:\Program Files\Common Files\Adobe
2014-04-24 03:24 - 2014-04-24 03:24 - 00000029 ____C () C:\Windows\DEBUGSM.INI
2014-04-23 10:47 - 2014-04-23 08:05 - 00000000 ___DC () C:\ProgramData\EPSON
2014-04-23 08:18 - 2014-04-23 08:18 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\EPSON
2014-04-23 08:15 - 2014-04-23 08:15 - 00002301 ____C () C:\Users\Public\Desktop\EPSON File Manager.lnk
2014-04-23 08:14 - 2014-04-23 08:14 - 00000000 ___DC () C:\Program Files (x86)\EPSON
2014-04-23 08:14 - 2013-07-10 03:56 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-04-23 08:03 - 2014-04-23 08:03 - 00000000 _SHDC () C:\security
2014-04-23 08:03 - 2014-04-23 08:03 - 00000000 _SHDC () C:\Kernel
2014-04-23 08:03 - 2014-04-23 08:03 - 00000000 ___DC () C:\Windows\System32\system
2014-04-21 12:37 - 2013-07-10 07:46 - 00000000 ___DC () C:\Users\Saliom\AppData\Roaming\IObit
2014-04-21 11:36 - 2014-04-21 11:36 - 00003498 ____C () C:\Windows\System32\Tasks\SmartDefrag3_Schedule
2014-04-21 11:36 - 2014-04-21 11:36 - 00003166 ____C () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-04-21 11:36 - 2014-02-06 13:27 - 00000857 ____C () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-04-21 08:32 - 2014-04-21 08:32 - 00000000 ___DC () C:\Windows\Sun
2014-04-21 04:04 - 2014-04-21 04:04 - 00000000 ___DC () C:\ProgramData\Oracle
2014-04-21 04:04 - 2013-07-16 18:39 - 00264616 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 04:04 - 2013-07-16 18:38 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 04:04 - 2013-07-16 18:38 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-21 04:04 - 2013-07-16 18:38 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 14:06 - 2014-03-25 07:47 - 00313256 ____C (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-04-20 14:06 - 2014-03-25 07:47 - 00189352 ____C (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-04-20 14:06 - 2014-03-25 07:47 - 00189352 ____C (Oracle Corporation) C:\Windows\System32\java.exe
2014-04-20 14:06 - 2014-03-25 07:47 - 00108968 ____C (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-04-20 13:41 - 2014-04-20 13:41 - 00001227 ____C () C:\Users\Saliom\Desktop\WebSite Auditor.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001204 ____C () C:\Users\Saliom\Desktop\LinkAssistant.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001185 ____C () C:\Users\Saliom\Desktop\SEO SpyGlass.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001185 ____C () C:\Users\Saliom\Desktop\Rank Tracker.lnk
2014-04-20 13:41 - 2014-04-20 13:41 - 00001162 ____C () C:\Users\Saliom\Desktop\BuzzBundle.lnk
2014-04-20 04:17 - 2014-03-29 10:07 - 00004331 ____C () C:\Users\Saliom\AppData\Localtransition_9630a09080696d78a06e2ad33ebbb23e.ini
2014-04-18 11:13 - 2013-08-13 10:52 - 00000000 ___DC () C:\ProgramData\Adobe
2014-04-18 09:58 - 2013-07-09 08:36 - 00120088 ____C () C:\Users\Saliom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 03:47 - 2013-07-12 10:28 - 00000903 ____C () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-04-16 23:21 - 2014-03-27 15:17 - 00018278 ____C () C:\Windows\DirectX.log
2014-04-13 14:23 - 2013-08-07 13:11 - 00000000 ___DC () C:\Users\Saliom\Documents\My Games

ZeroAccess:
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Some content of TEMP:
====================
C:\Users\Saliom\AppData\Local\Temp\NDP451-KB2859818-Web.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3914.36 MB
Available physical RAM: 3330.64 MB
Total Pagefile: 3912.5 MB
Available Pagefile: 3328.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:40 GB) (Free:10.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Disque local) (Fixed) (Total:399.66 GB) (Free:119.17 GB) NTFS
Drive g: (CLE USB) (Removable) (Total:7.31 GB) (Free:7.29 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 20DC472D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=400 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=26 GB) - (Type=05)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-01-08 15:20

==================== End Of Log ============================

  • And here is the result of the search:
Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by SYSTEM at 2014-05-13 16:53:05
Running from G:\
Boot Mode: Recovery

================== Search Files: "services.exe;winsrv.*" =============

C:\Windows\winsxs\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4695ae9d4576c955\winsrv.dll.mui
[2013-07-09 12:14] - [2009-07-13 09:38] - 0009216 ____A (Microsoft Corporation) B5F42F7ACE825E609B763394F30351A4

C:\Windows\winsxs\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a412dbba527dc14e\winsrv.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:08] - 0008192 ____A (Microsoft Corporation) 9848765E88322400BDC710A76ADEA841

C:\Windows\winsxs\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_0f73383a8d7b376e\winsrv.dll.mui
[2013-07-14 17:58] - [2009-07-13 09:42] - 0008192 ____A (Microsoft Corporation) C0DC5AD73F2C44CABD510578D01BAF2C

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22436_none_151a7f04cc20e999\winsrv.dll
[2013-12-04 14:36] - [2013-12-04 14:36] - 0215040 ____A (Microsoft Corporation) 516D82106CAFAE156C61C5AB627A6409

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22411_none_152b1d6acc153304\winsrv.dll
[2013-10-11 10:41] - [2013-10-11 10:41] - 0215040 ____A (Microsoft Corporation) 99AACC82C6B8A8E976CA59CFD3C322EF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22177_none_14f039eccc407b3f\winsrv.dll
[2013-07-09 20:44] - [2012-11-29 21:55] - 0215040 ____A (Microsoft Corporation) C2B1F6196C7FE1EA1BF827312B095D06

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18229_none_149eb11db2f87cbc\winsrv.dll
[2013-10-11 10:41] - [2013-10-11 10:41] - 0215040 ____A (Microsoft Corporation) 88EDD0B34EED542745931E581AD21A32

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll
[2013-07-09 10:14] - [2013-01-03 21:46] - 0215040 ____A (Microsoft Corporation) 0C27239FEA4DB8A2AAC9E502186B7264

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18015_none_14a57c15b2f40121\winsrv.dll
[2013-07-09 20:44] - [2012-11-29 21:45] - 0215040 ____A (Microsoft Corporation) 9E479C2B605C25DA4971ABA36250FAEF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2013-07-12 19:36] - [2010-11-20 05:27] - 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21386_none_12fe0cb0cf2311ed\winsrv.dll
[2013-07-09 20:44] - [2012-11-29 21:43] - 0215040 ____A (Microsoft Corporation) B0F0F844BB3BA4C25837310FD0909BFD

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17179_none_12823ec9b5faa510\winsrv.dll
[2013-07-09 20:44] - [2012-11-29 21:49] - 0215040 ____A (Microsoft Corporation) C4C551E6AB333C0EB812A3A4672E89DB

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0214016 ____A (Microsoft Corporation) 457B44AB6D502E55F64A867D4F35C76C

C:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3c41044b1116075a\winsrv.dll.mui
[2013-07-09 12:14] - [2009-07-13 09:58] - 0009216 ____A (Microsoft Corporation) E135E584FBE4C3F8AA260AB93F00CB68

C:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99be31681e1cff53\winsrv.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:25] - 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

C:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_051e8de8591a7573\winsrv.dll.mui
[2013-07-14 17:58] - [2009-07-13 10:02] - 0008192 ____A (Microsoft Corporation) 93E0C17C3AF40978DB9BEC7A6CF6482A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm_31bf3856ad364e35_6.1.7600.16385_none_74fe9f3a6d505307\Winsrv.admx
[2009-06-10 12:42] - [2009-06-10 12:42] - 0001342 ____A () B28573159BDEA736F3BDFF16604A4AD3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_62a14f86602a99f5\Winsrv.adml
[2013-07-09 12:14] - [2009-07-13 09:56] - 0001723 ____A () 1B4EF8AEED5231138EDE3B8739F8450A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c01e7ca36d3191ee\Winsrv.adml
[2009-07-13 21:35] - [2009-07-13 18:29] - 0001453 ____A () 76D4B8899387BCD0C081D4301E1B18DE

C:\Windows\winsxs\amd64_microsoft-windows-winsrv-adm.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_2b7ed923a82f080e\Winsrv.adml
[2013-07-14 17:58] - [2009-07-13 10:00] - 0002061 ____A () 352C11D67E47C066DF7DF2BED800D25C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\SysWOW64\fr-FR\winsrv.dll.mui
[2013-07-09 12:14] - [2009-07-13 09:38] - 0009216 ____A (Microsoft Corporation) B5F42F7ACE825E609B763394F30351A4

C:\Windows\SysWOW64\en-US\winsrv.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:08] - 0008192 ____A (Microsoft Corporation) 9848765E88322400BDC710A76ADEA841

C:\Windows\SysWOW64\ar-SA\winsrv.dll.mui
[2013-07-14 17:58] - [2009-07-13 09:42] - 0008192 ____A (Microsoft Corporation) C0DC5AD73F2C44CABD510578D01BAF2C

C:\Windows\system64\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\system64\winsrv.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0214016 ____A (Microsoft Corporation) 457B44AB6D502E55F64A867D4F35C76C

C:\Windows\system64\en-US\winsrv.dll.mui
[2009-07-13 19:03] - [2009-07-13 19:03] - 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\winsrv.dll
[2013-10-11 10:41] - [2013-10-11 10:41] - 0215040 ____A (Microsoft Corporation) 88EDD0B34EED542745931E581AD21A32

C:\Windows\System32\fr-FR\winsrv.dll.mui
[2013-07-09 12:14] - [2009-07-13 09:58] - 0009216 ____A (Microsoft Corporation) E135E584FBE4C3F8AA260AB93F00CB68

C:\Windows\System32\en-US\winsrv.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:25] - 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

C:\Windows\System32\ar-SA\winsrv.dll.mui
[2013-07-14 17:58] - [2009-07-13 10:02] - 0008192 ____A (Microsoft Corporation) 93E0C17C3AF40978DB9BEC7A6CF6482A

C:\Windows\PolicyDefinitions\Winsrv.admx
[2009-06-10 12:42] - [2009-06-10 12:42] - 0001342 ____A () B28573159BDEA736F3BDFF16604A4AD3

C:\Windows\PolicyDefinitions\fr-FR\Winsrv.adml
[2013-07-09 12:14] - [2009-07-13 09:56] - 0001723 ____A () 1B4EF8AEED5231138EDE3B8739F8450A

C:\Windows\PolicyDefinitions\en-US\Winsrv.adml
[2009-07-13 21:35] - [2009-07-13 18:29] - 0001453 ____A () 76D4B8899387BCD0C081D4301E1B18DE

C:\Windows\PolicyDefinitions\ar-SA\Winsrv.adml
[2013-07-14 17:58] - [2009-07-13 10:00] - 0002061 ____A () 352C11D67E47C066DF7DF2BED800D25C

X:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0214016 ____A (Microsoft Corporation) 457B44AB6D502E55F64A867D4F35C76C

X:\Windows\winsxs\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99be31681e1cff53\winsrv.dll.mui
[2009-07-13 19:03] - [2009-07-13 19:03] - 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

X:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\System32\winsrv.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0214016 ____A (Microsoft Corporation) 457B44AB6D502E55F64A867D4F35C76C

X:\Windows\System32\en-US\winsrv.dll.mui
[2009-07-13 19:03] - [2009-07-13 19:03] - 0008192 ____A (Microsoft Corporation) 0E4E26AF593AC5023E55333096DDD9EA

====== End Of Search ======

That's all! I hope that you will help me to find a solution to this problem. I'm now running Ubuntu 13.10 installed on another partition, but I really need my Windows for some programs and I don't want to reinstall all of my drivers, software, etc.

Thanks for your future replies.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

You're infected with the ZeroAccess virus, and the first thing we're going to do is make your computer bootable. We'll deal with the virus later.


Download the attached fixlist.txt and save it to your USB flash drive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens...
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
 

Attachments

  • fixlist.txt
    29 bytes · Views: 73
